Eddiez9

**Name of the Vulnerable Software and Affected Versions** Traccar versions 5.8 through 6.0 Traccar versions 6.1 through 6.8.1 **Description** Traccar, an open source GPS tracking system, has a flaw that allows for unauthenticated local file inclusion attacks. This can result in the disclosure of passwords or any file on the file system, including the Traccar configuration file. Versions 5.8 through 6.0 are susceptible only if the configuration file includes `<entry key='web.override'>./override</entry>`. Versions 6.1 through 6.8.1 are vulnerable by default due to the web override being enabled. **Recommendations** Update to version 6.9.0 or later. For versions 5.8 through 6.0, ensure the `<entry key='web.override'>./override</entry>` setting is removed from the configuration file.